Re: [PATCH v2] KVM: VMX: Handle bad values on proxied writes to LBR MSRs
From: 快乐豆豆
Date: Tue May 26 2026 - 23:01:24 EST
Thanks for picking this up and reworking the changelog!
Original message
From: Sean Christopherson <seanjc@xxxxxxxxxx>
Sent: May 27, 2026 10:26
To: Sean Christopherson <seanjc@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: kvm <kvm@xxxxxxxxxxxxxxx>, linux-kernel <linux-kernel@xxxxxxxxxxxxxxx>, Xuanqing Shi <1356292400@xxxxxx>
Subject: [PATCH v2] KVM: VMX: Handle bad values on proxied writes to LBR MSRs
From: Xuanqing Shi <1356292400@xxxxxx>
Use the "safe" WRMSR API when writing LBRs on behalf of the guest (or host
userspace), and propagate any errors back to the instigator, as the value
being written is untrusted. E.g. if the guest (or host userspace) attempts
to set reserved bits in LBR_SELECT, then KVM needs to return an error, and
not WARN on the bad value.
Continue using the "unsafe" version of RDMSR, as it should be impossible to
reach the helper with a completely bogus MSR, i.e. WARNing on RDMSR failure
is very desirable, e.g. to make KVM bugs more visible.
unchecked MSR access error: WRMSR to 0x1c8 (tried to write 0x0000000000004000)
Call Trace:
intel_pmu_set_msr+0x4e0/0x7f0 [kvm_intel]
kvm_pmu_set_msr+0x17e/0x1c0 [kvm]
kvm_set_msr_common+0xc76/0x1440 [kvm]
vmx_set_msr+0x5e6/0x1570 [kvm_intel]
kvm_emulate_wrmsr+0x54/0x1d0 [kvm]
vmx_handle_exit+0x7fc/0x970 [kvm_intel]
Fixes: 1b5ac3226a1a ("KVM: vmx/pmu: Pass-through LBR msrs when the guest LBR event is ACTIVE")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Xuanqing Shi <1356292400@xxxxxx>
[sean: rework changelog, only modify WRMSR path, tag for stable@]
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
v2:
- Rework changelog to better capture the scenario.
- Keep using the "unsafe" version of RDMSR.
v1: https://lore.kernel.org/all/tencent_744B87186CA59CFD106992329A6510F7F60A@xxxxxx
arch/x86/kvm/vmx/pmu_intel.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
index 27eb76e6b6a0..22138c487216 100644
--- a/arch/x86/kvm/vmx/pmu_intel.c
+++ b/arch/x86/kvm/vmx/pmu_intel.c
@@ -308,13 +308,15 @@ static bool intel_pmu_handle_lbr_msrs_access(struct kvm_vcpu *vcpu,
*/
local_irq_disable();
if (lbr_desc->event->state == PERF_EVENT_STATE_ACTIVE) {
+ int err = 0;
+
if (read)
rdmsrq(index, msr_info->data);
else
- wrmsrq(index, msr_info->data);
+ err = wrmsrq_safe(index, msr_info->data);
__set_bit(INTEL_PMC_IDX_FIXED_VLBR, vcpu_to_pmu(vcpu)->pmc_in_use);
local_irq_enable();
- return true;
+ return !err;
}
clear_bit(INTEL_PMC_IDX_FIXED_VLBR, vcpu_to_pmu(vcpu)->pmc_in_use);
local_irq_enable();
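Review bot: on the new failure path, `__set_bit(INTEL_PMC_IDX_FIXED_VLBR, vcpu_to_pmu(vcpu)->pmc_in_use);` still runs before `return !err;`, so a write that the hardware rejects (the reserved-bits-in-LBR_SELECT case from the changelog) leaves the virtual LBR PMC marked in use even though nothing was written. If that is intentional because the host LBR event is ACTIVE regardless of the write outcome, a one-line comment above `__set_bit()` saying so would save the next reader the question; otherwise consider setting the bit only when `err == 0`. It would also help to note that `err` stays 0 on the `rdmsrq()` branch, so only the WRMSR side can now make the helper return false, which is what the callers are expected to turn into an error for the guest or userspace.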
base-commit: 9f2a49c511cb05b85745e1578e4fd425bff87f58
--
2.54.0.823.g6e5bcc1fc9-goog